MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 db27cd6f4b01d31a15199d0be03d3fc0b78eb713abea73f5ee9434b84bf04ff1. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 6



SHA256 hash: db27cd6f4b01d31a15199d0be03d3fc0b78eb713abea73f5ee9434b84bf04ff1
SHA3-384 hash: b0e8c41582d866a02b1e4a75f2b4088a8259f18dde3235b2929498360612ab33e436ec78fafeb82b6a0d85c9fbc50736
SHA1 hash: ad95a79fa4c3f159c19d4da54395a970a663604f
MD5 hash: 2e033e6587663cb49a12d594fe4d0d83
humanhash: texas-red-harry-whiskey
File name: wget.sh
Signature: Mirai
File size: 922 bytes
First seen: 2025-08-15 07:01:33 UTC
Last seen: 2025-08-15 19:06:50 UTC
File type: sh
MIME type: text/plain
ssdeep 12:V1iV+AyxCWE+A0NI9kxwA+AVySKxWH+AZyF+AAPC+A6oeV+Au6+AaxRI4qKA+APq:2wVNIqzKxcw1xcxsxv
TLSH T1AA11588D1315E0C54219CDC6B29E0E14DB458FD1B8ADDF35ACD889B36C9A640B878F1F
Magika: shell
Reporter: abuse_ch
Tags: mirai sh

Intelligence


File Origin
# of uploads: 2
# of downloads: 34
Origin country: DE
Vendor Threat Intelligence

Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: bash lolbin mirai

Verdict: Malicious
Threat: HEUR:Trojan-Downloader.Shell.Agent

Threat name: Linux.Worm.Mirai
Status: Malicious
First seen: 2025-08-12 14:56:00 UTC
File Type: Text (Shell)
AV detection: 18 of 38 (47.37%)
Threat level: 5/5

Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour:
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices

Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Distributed via web download
